Cisco Cisco Packet Data Gateway (PDG) Merkblatt
Rekeying SAs
▀ Rekey Traffic Overlap
▄ Cisco StarOS IP Security (IPSec) Reference
136
Initiator and Responder Rekeying Behavior
During rekeying, the old SA must not be deleted when the new SA is created. Traffic transmission on the new SA and
deletion of the old child SA occurs as depicted in the following diagram.
deletion of the old child SA occurs as depicted in the following diagram.
Figure 28. Initiator and Responder Behavior During Rekeying
Notes:
1. If Node-A does not send DELETE at [C], guard timer expiry in Node-B replaces event [D]; guard timer expiry
in Node-A replaces event [E}.
2. If Node-B does not send DELETE at [D], guard timer expiry in Node-A replaces event [E].
3. Guard timer expiry is fixed at 120 seconds.